Schools targeted for sensitive data breach: Protecting valuable information from data breach

Data breach problem:

As the first quarter of 2015 came and went one thing remained constant in the news: small businesses, large businesses, and schools are all becoming victims of hackers who are seeking sensitive data to use for criminal intent.  Data breach is quickly becoming one of the most talked about areas where businesses and schools are at risk for major financial loss.  This trend is expected to continue as more and more schools utilize the conveniences of online payment systems for everything from lunches to tuition and books.  It is estimated that approximately 1 in 5 small businesses become victim of cybercrime every year. 

Cyber criminals are constantly trying to hack into businesses computer systems which are targeted because they have weak cyber security.  In other words, cyber criminals do not exclusively target businesses such as financial institutions because those businesses traditionally have the best cyber security plan.  Instead they go after businesses they identify, through phishing or other schemes, as having weak cyber security platforms.  Once they gain unauthorized entry to a company’s computer system, they then have the time to find any information of value to criminals who will purchase the stolen data or worse they will use the data themselves for criminal intent.  The complete nuance of cybercrime is complicated, but recognizing the need for a cyber-security plan to protect your school, faculty, staff, and students’ personal data is simple.  If you have sensitive data of a personal nature of anyone stored in computers at your school, you need to protect that data from unauthorized access.

Protecting information:

As technology has advanced over the years, the tools used by cyber criminals to hack into a business’s network have advanced as well.  Traditional firewalls designed to protect an organization’s private network are no longer effective in preventing mal-ware and other attacks that allow hackers access to personal information.  If your school has not recently created an internet security plan the chances are high that the computer firewall protecting private information from outsiders is outdated.  Make sure your firewall is referred to as a next generation firewall designed to combat the latest hacker’s attacks.  Next generation firewalls typically include a process of verifying user identity, purpose for access, and the reputation of the computer seeking access to information.

Several laws exist such as the Gramm-Leach-Bliley Act, HIPAA, and state laws that require businesses to adopt, “reasonable, appropriate, and necessary” measures to protect sensitive data, but the laws do not tell us what is meant by reasonable, appropriate and necessary.  This is one reason why schools and other businesses should strive to keep their data security plan up to date with the changing technology.

In addition to a next generation firewall an up to date information security plan will have what’s known in the industry as, advance threat protection.  As mentioned earlier small businesses are becoming victims of advanced cyber-attacks BECAUSE they are traditionally an easier target than larger businesses with more resources to protect their data.  Advance threat protection includes common protection features of I.T. security platforms in addition to protecting in the areas of: access control, threat prevention, threat detection, and incident response. 

Access control limits the number of access points to a network by using pre-determined authorized ports available to authorized users only.  This reduces overall vulnerability of the network.

Threat prevention is an aspect of advanced threat protection that monitors and inspects incoming codes, packets of data, web-sites visited and program / command applications for suspicious and known methods of network intrusion.

Threat detection is the continual monitoring of the network for indicators of intrusion or compromise that may have gotten through the initial layers of protection.

Finally, incident response is identifying and containing problems if the detection and prevention systems of your cyber security plan find a threat in your system.  With the increase in popularity of “Cloud” technology small businesses can afford advanced protection from attacks through the use of a reputable cyber security vendor.    

In addition to next generation firewalls and advance threat protection another important I.T. security feature to protect against data breach is a secure wireless connection.  As obvious as this seems, there are still businesses who for one reason or another run their networks on an open unsecured Wi-Fi network essentially inviting cyber criminals to attack your business.

Another I.T. security feature small businesses and schools should utilize is a data leakage prevention plan.  As simple as this sounds it is only accomplished through using encryption devices.  Data leakage prevention policies extend to removable media devices that have access to confidential information.  Credit card numbers, transaction details and other forms of sensitive data should be protected from hackers at all cost.

Planning ahead:

As cyber security threats increase it is important for schools and other small businesses to stay on top of the threats.  Fortunately the computer and software industry as a whole continues to address security challenges as they arise creating what some call, “the race to build the Silicon Valley of Cybersecurity.”  By maintaining a proactive approach to information security planning and utilizing expert vendors when needed, many small businesses will be able to better protect themselves from cyber-attacks than their internet service provider or I.T. security software can provide.


The information provided in this article is intended for general informational purposes only and should not be considered as all encompassing, or suitable for all situations, conditions, and environments. Please contact us or your attorney if you have any questions.

For safety or risk management questions or suggestions, please contact Markel.

Email us